2 Answers
2

What threat are you trying to protect against? Accidental media loss? Server access compromise? Physical hardware loss? The options and solutions vary vastly with the threat being mitigated.

A disk encryption system, like BitLocker, will encrypt the entire disk in a very efficient fashion but it only protects against physical loss of the hardware or accidental loss of the hard drive. A solution like TDE will protect the media (the database files) including backups, and including workload spills in tempdb. File level encryption (EFS) does not work with SQL Server. More precisely, it works with abysmal performance.

These are the only options that work out of the box for any application. Other solutions include encrypting the data in the application or using the SQL Server cryptographic API (EncryptByKey). But these all require you to design the application specifically for using the cryptographic API (i.e. are not transparent).

But again, the most important decision to make is to clearly state the threat you're trying to mitigate.

Basically, what I need is TDE, but it only works on SQL Server Enterprise Edition, and we have a remote server using Web Edition. The threat is that the data is private information and should not be seen in plain text. I wonder how people encrypted their SQL Server databases before TDE came along with 2008? I have seen EncryptByKey and DecryptByKey. Seems like it will be a usable option in my case, but I was hoping for more like an alternative to TDE. Oh well, thanks for clarifying. :)
– Brandi, Jun 30 '10 at 14:18

Also, it strikes me as not very secure that the certificate for encrypting and decrypting would be sitting in the database together with the information?
– Brandi, Jun 30 '10 at 14:50
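
The column-level approach the answer mentions (EncryptByKey), shown as an added example that is not part of the original answer or comments. The table, column, certificate and key names, the password and the sample row are hypothetical placeholders constructed for illustration.

```sql
-- Added example; every object name and the password below are placeholders.
-- Key hierarchy: database master key -> certificate private key
--                -> symmetric key -> column data.
CREATE MASTER KEY ENCRYPTION BY PASSWORD = '<strong-password-placeholder>';

-- No password is given here, so the certificate's private key is
-- protected by the database master key.
CREATE CERTIFICATE CustomerDataCert
    WITH SUBJECT = 'Protects CustomerDataKey';

CREATE SYMMETRIC KEY CustomerDataKey
    WITH ALGORITHM = AES_256
    ENCRYPTION BY CERTIFICATE CustomerDataCert;

CREATE TABLE dbo.Customer (
    CustomerId    int            NOT NULL PRIMARY KEY,
    Name          nvarchar(100)  NOT NULL,
    NationalIdEnc varbinary(256) NULL      -- holds ciphertext only
);

-- The application has to open the key in every session that reads or
-- writes the protected column: this is the "not transparent" part.
OPEN SYMMETRIC KEY CustomerDataKey
    DECRYPTION BY CERTIFICATE CustomerDataCert;

-- Constructed sample row. The authenticator (the row's id) binds the
-- ciphertext to this row, so a value copied into another row's column
-- will not decrypt there.
INSERT INTO dbo.Customer (CustomerId, Name, NationalIdEnc)
VALUES (1, N'Sample Person',
        EncryptByKey(Key_GUID('CustomerDataKey'), N'000-00-0000',
                     1, CONVERT(varbinary(4), 1)));

-- DecryptByKey returns varbinary; convert back to the original type.
SELECT CustomerId, Name,
       CONVERT(nvarchar(50),
               DecryptByKey(NationalIdEnc, 1,
                            CONVERT(varbinary(4), CustomerId))) AS NationalId
FROM dbo.Customer;

CLOSE SYMMETRIC KEY CustomerDataKey;

-- With the key closed, DecryptByKey returns NULL instead of plaintext.
SELECT CustomerId,
       DecryptByKey(NationalIdEnc, 1,
                    CONVERT(varbinary(4), CustomerId)) AS NationalId
FROM dbo.Customer;
```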